Fraudsters harvest user passwords via data breach and online phishing

August 5, 2021

Being asked to change a password after a data breach is a familiar scenario. The truth, however, is that cybercriminals exploit the situation by harvesting the exposed information before victims become aware of what is happening. Learn more about how the data breaching process happens here.

Passwords have undeniably become the main means of protection and authentication for most people on the internet. However, our over-reliance on them comes at a price.


The more people rely on passwords to protect their private information, the more they are exposed to a possible data breach, data spill, or even being hacked.


The more the internet fills up over time with highly sensitive data protected by passwords, the more it endangers people, as paradoxical as it sounds.

When website databases are exposed and left unprotected, the endangered information usually surfaces quickly on hacker forums, where it becomes highly visible to hackers who can crack passwords. How successfully hackers can crack a password typically depends on the complexity of the password and on the hashing algorithm the victim website uses. However, with the proper use of a crypto-mining rig, hackers can crack most passwords hashed with MD5, one of the most commonly used password hashing algorithms but typically a weak one.
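As an added example (not from the original article), the Python sketch below shows the defender's side of the point above: a fast unsalted MD5 record next to a salted PBKDF2 record, with legacy records upgraded on a successful login. The record format, function names and iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def legacy_md5(password):
    """Weak scheme: one fast MD5 round, no salt, so equal passwords give equal records."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()


def hash_pbkdf2(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Stronger scheme: per-user random salt plus a deliberately slow key derivation."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def verify(password, stored):
    """Check a login attempt; return (ok, record_to_store).

    A correct login against a legacy MD5 record returns a PBKDF2 record so the
    weak hash can be replaced in the database.
    """
    parts = stored.split("$")
    try:
        if parts[0] == "md5" and len(parts) == 2:
            ok = hmac.compare_digest(legacy_md5(password), stored)
            return ok, (hash_pbkdf2(password) if ok else stored)
        if parts[0] == "pbkdf2" and len(parts) == 4:
            candidate = hash_pbkdf2(password, bytes.fromhex(parts[2]), int(parts[1]))
            return hmac.compare_digest(candidate, stored), stored
    except (ValueError, TypeError, OverflowError):
        pass  # malformed salt, iteration count or encoding: treat as a failed login
    return False, stored


if __name__ == "__main__":
    # Constructed sample record, not real data.
    record = legacy_md5("Summer2021!")
    ok, record = verify("Summer2021!", record)
    print(ok, record.split("$")[0])
```

Because the salted records differ even for identical passwords, an exposed table no longer reveals which accounts share a password, and each guess costs the full iteration count.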

According to Fabian Wosar, chief technology officer of the security company Emsisoft, if you give the password-cracking task to an experienced Ethereum or Bitcoin miner, that person could possibly break at least 70 percent of hashed passwords in a couple of days.

Even with passwords that have a far less than one percent chance of being cracked, fraudsters could still manage to break in by using password-testing databases used by millions. Eventually, these compromised credentials are sold to many legal yet murky online services or for fraud.



It should be evident that reusing old passwords is not a good idea. There are also scenarios, however, in which it is not password reuse that exposes victims to data breaches but targeted phishing. In phishing, hackers send emails to a target person or organization that encourage recipients to click on certain links, redirect them to a suspicious site, and deceive them into typing in sensitive information such as bank information.

Take note of these ways to keep yourself or your organization from being targeted and victimized by data breaches and online phishing:

  1. Refrain from clicking questionable links and attachments sent to your email by suspicious senders.
  2. If the email requires you to act quickly or warns you of consequences if you fail to click on the attached links, think it through first and do your own research into the legitimacy of the sender's narrative.
  3. Avoid reusing old passwords across your accounts on the internet.
  4. Scams and phishing schemes over the phone exist too. Many attackers have trained to execute phone scams convincingly. Try to be as cautious and aware of these schemes as possible.